[Git][security-tracker-team/security-tracker][master] 2 commits: Remove polarssl from dla-needed.txt

Markus Koschany Sat, 09 Nov 2019 07:58:00 -0800


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6db1280f by Markus Koschany at 2019-11-09T15:49:13Z
Remove polarssl from dla-needed.txt

- - - - -
c80cac49 by Markus Koschany at 2019-11-09T15:50:27Z
CVE-2019-16910,polarssl: Mark as no-dsa for Jessie.

The fix is intrusive and API changes are required, compared to the potential
attack vector, this is a minor issue.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7856,6 +7856,7 @@ CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed 
Crypto before 2.0.0, whe
        [buster] - mbedtls <no-dsa> (Minor issue)
        [stretch] - mbedtls <no-dsa> (Minor issue)
        - polarssl <removed>
+       [jessie] - polarssl <no-dsa> (Minor issue, backport intrusive because 
of API changes)
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd
 (2.7.12)
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b
 (2.16.3)


=====================================
data/dla-needed.txt
=====================================
@@ -106,8 +106,6 @@ php-horde-groupware (Mike Gabriel)
 php-horde-trean (Mike Gabriel)
   NOTE: 20191030: No upstream fix, yet. (sunweaver)
 --
-polarssl
---
 python-reportlab (Hugo Lefeuvre)
   NOTE: 20191104: still no upstream fix
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/2d46eb74e83499dd96ca47f63a1ccab5b3da4960...c80cac49e749bd6601ae227faf62bb1402f55b58
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Remove polarssl from dla-needed.txt

Reply via email to